57c57< CONFIG_LOCALVERSION="-160802"---> CONFIG_LOCALVERSION="-160807-kvm"91a92> # CONFIG_IRQ_DOMAIN_DEBUG is not set134a136> # CONFIG_TREE_RCU_TRACE is not set220a223> CONFIG_USER_RETURN_NOTIFIER=y273a277> # CONFIG_GCOV_KERNEL is not set329a334> CONFIG_PREEMPT_NOTIFIERS=y357a363> # CONFIG_IOSF_MBI_DEBUG is not set442a449> CONFIG_MEMORY_BALLOON=y449a457> CONFIG_MMU_NOTIFIER=y487a496> # CONFIG_KEXEC is not set551a561> # CONFIG_ACPI_CUSTOM_METHOD is not set782a793> CONFIG_BRIDGE_NETFILTER=m920a932> # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set1028a1041,1042> # CONFIG_NF_TABLES_BRIDGE is not set> # CONFIG_BRIDGE_NF_EBTABLES is not set1035c1049,1051< # CONFIG_BRIDGE is not set---> CONFIG_STP=y> CONFIG_BRIDGE=y> CONFIG_BRIDGE_IGMP_SNOOPING=y1038a1055> CONFIG_LLC=y1157a1175> # CONFIG_VIRTIO_BLK is not set1339a1358> # CONFIG_SCSI_VIRTIO is not set1421c1440< # CONFIG_TUN is not set---> CONFIG_TUN=y1423a1443> # CONFIG_VIRTIO_NET is not set1429a1450,1453> CONFIG_VHOST_NET=y> CONFIG_VHOST_RING=y> CONFIG_VHOST=y> # CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set1472a1497> # CONFIG_SKY2_DEBUG is not set1730a1756> # CONFIG_DEVKMEM is not set1749a1776> # CONFIG_VIRTIO_CONSOLE is not set1755a1783> # CONFIG_HW_RANDOM_VIRTIO is not set1765a1794> CONFIG_DEVPORT=y2657a2687> # CONFIG_DRM_VIRTIO_GPU is not set3303c3333,3335< # CONFIG_VIRT_DRIVERS is not set---> CONFIG_IRQ_BYPASS_MANAGER=y> CONFIG_VIRT_DRIVERS=y> CONFIG_VIRTIO=y3308c3340,3343< # CONFIG_VIRTIO_PCI is not set---> CONFIG_VIRTIO_PCI=y> CONFIG_VIRTIO_PCI_LEGACY=y> CONFIG_VIRTIO_BALLOON=y> CONFIG_VIRTIO_INPUT=y3377a3413> # CONFIG_AMD_IOMMU_STATS is not set3421a3458> # CONFIG_AMD_MCE_INJ is not set3610a3648> # CONFIG_NFSD_FAULT_INJECTION is not set3618a3657> # CONFIG_SUNRPC_DEBUG is not set3696a3736> # CONFIG_DYNAMIC_DEBUG is not set3707a3748,3749> # CONFIG_PAGE_OWNER is not set> CONFIG_DEBUG_FS=y3727a3770> # CONFIG_DEBUG_KMEMLEAK is not set3738a3782> # CONFIG_KCOV is not set3788a3833> # CONFIG_NOTIFIER_ERROR_INJECTION is not 
set3800a3846,3863> CONFIG_TRACING_SUPPORT=y> CONFIG_FTRACE=y> # CONFIG_FUNCTION_TRACER is not set> # CONFIG_IRQSOFF_TRACER is not set> # CONFIG_PREEMPT_TRACER is not set> # CONFIG_SCHED_TRACER is not set> # CONFIG_ENABLE_DEFAULT_TRACERS is not set> # CONFIG_FTRACE_SYSCALLS is not set> # CONFIG_TRACER_SNAPSHOT is not set> CONFIG_BRANCH_PROFILE_NONE=y> # CONFIG_PROFILE_ANNOTATED_BRANCHES is not set> # CONFIG_PROFILE_ALL_BRANCHES is not set> # CONFIG_STACK_TRACER is not set> # CONFIG_BLK_DEV_IO_TRACE is not set> # CONFIG_UPROBE_EVENT is not set> # CONFIG_PROBE_EVENTS is not set> # CONFIG_MMIOTRACE is not set> # CONFIG_TRACEPOINT_BENCHMARK is not set3804a3868> # CONFIG_LKDTM is not set3838a3903> # CONFIG_X86_PTDUMP is not set3855a3921> # CONFIG_DEBUG_BOOT_PARAMS is not set3860a3927> # CONFIG_PUNIT_ATOM_DEBUG is not set3926c3993< CONFIG_PAX_MEMORY_UDEREF=y---> # CONFIG_PAX_MEMORY_UDEREF is not set3938c4005< CONFIG_GRKERNSEC_KMEM=y---> # CONFIG_GRKERNSEC_KMEM is not set4229c4296,4313< # CONFIG_VIRTUALIZATION is not set---> CONFIG_HAVE_KVM_IRQCHIP=y> CONFIG_HAVE_KVM_IRQFD=y> CONFIG_HAVE_KVM_IRQ_ROUTING=y> CONFIG_HAVE_KVM_EVENTFD=y> CONFIG_KVM_APIC_ARCHITECTURE=y> CONFIG_KVM_MMIO=y> CONFIG_KVM_ASYNC_PF=y> CONFIG_HAVE_KVM_MSI=y> CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y> CONFIG_KVM_VFIO=y> CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT=y> CONFIG_KVM_COMPAT=y> CONFIG_HAVE_KVM_IRQ_BYPASS=y> CONFIG_VIRTUALIZATION=y> CONFIG_KVM=y> # CONFIG_KVM_INTEL is not set> CONFIG_KVM_AMD=y> # CONFIG_KVM_DEVICE_ASSIGNMENT is not set
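Review bot: dropping CONFIG_GRKERNSEC_KMEM at 3938c4005 is what lets CONFIG_DEVPORT=y (1765a1794) and CONFIG_DEBUG_FS=y (3707a3748,3749) into the new config. The option's help text further down says it denies opening /dev/port and excludes debugfs from the build. If the KVM setup does not need them, set DEVPORT and DEBUG_FS back to n by hand rather than accepting the new defaults. DEVKMEM (1730a1756) and KEXEC (487a496) are already left unset, which is worth keeping. The 3926c3993 change also turns off PAX_MEMORY_UDEREF. It would help to record which KVM symbol each of the two hardening options was hiding, so that only the one that actually blocks KVM stays disabled.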

That's a lot of changes. I thought I'd post this, because there are changes to the config which are difficult to make for a newbie in kernel compiling.

Here's why. If you grep out only the old kernel from above (on the left):

    < CONFIG_LOCALVERSION="-160802"
    < # CONFIG_BRIDGE is not set
    < # CONFIG_TUN is not set
    < # CONFIG_VIRT_DRIVERS is not set
    < # CONFIG_VIRTIO_PCI is not set
    < CONFIG_PAX_MEMORY_UDEREF=y
    < CONFIG_GRKERNSEC_KMEM=y
    < # CONFIG_VIRTUALIZATION is not set

you can see that I had to relinquish having "CONFIG_PAX_MEMORY_UDEREF" and "CONFIG_GRKERNSEC_KMEM" in the new, kvm enabled kernel.

When some of those are enabled, the KVM options (in the guide that I already said I followed: https://wiki.gentoo.org/wiki/QEMU ) are just not available in the config.

    .config - Linux/x86 4.6.5-hardened-r1 Kernel Configuration
    → Security options → Grsecurity → Customize Configuration → Memory Protections

    Deny reading/writing to /dev/kmem, /dev/mem, and /dev/port

    CONFIG_GRKERNSEC_KMEM:

    If you say Y here, /dev/kmem and /dev/mem won't be allowed to
    be written to or read from to modify or leak the contents of the running
    kernel. /dev/port will also not be allowed to be opened, writing to
    /dev/cpu/*/msr will be prevented, and support for kexec will be removed.
    If you have module support disabled, enabling this will close up several
    ways that are currently used to insert malicious code into the running
    kernel.

    Even with this feature enabled, we still highly recommend that
    you use the RBAC system, as it is still possible for an attacker to
    modify the running kernel through other more obscure methods.

    Enabling this feature will prevent the "cpupower" and "powertop" tools
    from working and excludes debugfs from being compiled into the kernel.

    It is highly recommended that you say Y here if you meet all the
    conditions above.

    Symbol: GRKERNSEC_KMEM [=n]
    Type  : boolean
    Prompt: Deny reading/writing to /dev/kmem, /dev/mem, and /dev/port
      Location:
        -> Security options
          -> Grsecurity
            -> Grsecurity (GRKERNSEC [=y])
              -> Customize Configuration
                -> Memory Protections
      Defined at grsecurity/Kconfig:7
      Depends on: GRKERNSEC [=y]
      Selects: STRICT_DEVMEM [=y]

...and I can't remember now exactly which of the newly set features simply wasn't there for as long as "GRKERNSEC_KMEM" was enabled... But I think it was, allow me to paste it as it is in that guide on the Gentoo Wiki that I followed:

And I compiled the kernel and installed it. Virtualization is a change deep inside the code, not a minor change, and it takes about as long as a complete recompile, as if it were a brand-new kernel compilation.

And reboot into the new kernel, since only now

(the Gentoo wiki needs to be corrected where it reads:

If KVM support is available there should be a "kvm" device listed at /dev/kvm
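
The filtering the post does by eye with grep, as an added example that is not part of the original post: an awk pass over normal-format `diff old.config new.config` output that pairs each symbol's old and new state and reports what was switched off or on. The names `config_changes` and `sample_diff` and the re-lined excerpt are constructed for illustration; the symbol values in the excerpt are the ones shown in the post's diff.

```shell
# Added example, not from the post: classify symbol changes in the output of
# `diff old.config new.config` (normal diff format, as shown in the post).
config_changes() {
    awk '
    function off(v) { return v == "n" || v == "absent" }
    /^[<>] / {                        # "<" is the old config, ">" the new one
        side = substr($0, 1, 1); line = substr($0, 3)
        if (line ~ /^# CONFIG_[A-Za-z0-9_]+ is not set$/) {
            sym = line; sub(/^# /, "", sym); sub(/ is not set$/, "", sym)
            val = "n"
        } else if (line ~ /^CONFIG_[A-Za-z0-9_]+=/) {
            sym = line; sub(/=.*/, "", sym)
            val = line; sub(/^[^=]*=/, "", val)
        } else next
        if (side == "<") oldv[sym] = val; else newv[sym] = val
        seen[sym] = 1
    }
    END {
        for (sym in seen) {
            o = (sym in oldv) ? oldv[sym] : "absent"   # absent: hidden by Kconfig deps
            n = (sym in newv) ? newv[sym] : "absent"
            if (o == n || (off(o) && off(n))) continue
            if (off(n))      print "DISABLED", sym, o "->" n
            else if (off(o)) print "ENABLED", sym, o "->" n
            else             print "CHANGED", sym, o "->" n
        }
    }' | sort
}

# Constructed sample: a few hunks from the diff in the post, one entry per line.
sample_diff() {
    cat <<'EOF'
1765a1794
> CONFIG_DEVPORT=y
3707a3748,3749
> # CONFIG_PAGE_OWNER is not set
> CONFIG_DEBUG_FS=y
3926c3993
< CONFIG_PAX_MEMORY_UDEREF=y
---
> # CONFIG_PAX_MEMORY_UDEREF is not set
3938c4005
< CONFIG_GRKERNSEC_KMEM=y
---
> # CONFIG_GRKERNSEC_KMEM is not set
EOF
}

sample_diff | config_changes
```

Filtering the result for `DISABLED` lines gives the hardening options lost in the new build, and `ENABLED ... absent->y` lines are symbols that only became visible once a dependency changed.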